You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by bh...@apache.org on 2015/03/17 11:26:38 UTC

[36/50] git commit: updated refs/heads/master to 3c429ee

No hardcoded passwords.
  - If for some reason the cmdLine json doesn't contain the password key, which is almost impossible to happen,
    we generate a password based on other unique data per VPC


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/e7969b64
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/e7969b64
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/e7969b64

Branch: refs/heads/master
Commit: e7969b640b6e7e1d4be5df37e86f65dbb49bae64
Parents: 4b66043
Author: wilderrodrigues <wr...@schubergphilis.com>
Authored: Tue Feb 10 19:30:45 2015 +0100
Committer: wilderrodrigues <wr...@schubergphilis.com>
Committed: Mon Mar 16 11:40:06 2015 +0100

----------------------------------------------------------------------
 .../debian/config/opt/cloud/bin/cs/CsDatabag.py        | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e7969b64/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDatabag.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDatabag.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDatabag.py
index d58a642..b2e559d 100644
--- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDatabag.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDatabag.py
@@ -15,6 +15,7 @@
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
+import hashlib
 from merge import DataBag
 
 
@@ -131,4 +132,14 @@ class CsCmdLine(CsDataBag):
     def get_router_password(self):
         if "router_password" in self.idata():
             return self.idata()['router_password']
-        return "k3ep@liv3D"
+        
+        '''
+        Generate a password based on the router id just to avoid hard-coded passwd.
+        Remark: if for some reason 1 router gets configured, the other one will have a different password.
+        This is slightly difficult to happen, but if it does, destroy the router with the password generated with the
+        code below and restart the VPC with out the clean up option.
+        '''
+        passwd = "%s-%s" % (self.get_vpccidr, self.get_router_id())
+        md5 = hashlib.md5()
+        md5.update(passwd)
+        return md5.hexdigest()